PoC exploit published for fresh vulnerability in Ghostscript

A PoC exploit for a fresh vulnerability in Ghostscript was presented this week. The issue endangers all servers using this component. The exploit was published by a Vietnamese information security specialist who is known online under the pseudonym Nguyen The Duc. The code is already available on GitHub, and the effectiveness of the exploit has…

Atlassian Confluence vulnerability was exploited to install miners

In late August, Atlassian released a hotfix for a Confluence Remote Code Execution (RCE) vulnerability. The issue is tracked as CVE-2021-26084 and allows an unauthenticated attacker to remotely execute commands on a vulnerable server. The issue has been reported to be dangerous for all versions of Confluence Server and Data Center. After the patch was released,…

Dangerous bug in WhatsApp could lead to disclosure of user data

Check Point specialists spoke about a dangerous bug they discovered in the WhatsApp image processing function, which could lead to the disclosure of user data. The problem made it possible to disable the application; in addition, by applying certain filters to a specially created image and sending it to a potential victim, an attacker could exploit the…

Researchers spot a tool to hide malware in AMD and Nvidia GPUs for sale

Bleeping Computer discovered that an exploit that uses the memory buffer of AMD and Nvidia GPUs to store and execute malware appeared for sale on a hacker forum. In general, this method is not new and similar PoC exploits have been published before, but all these projects were either implemented as part of…

ProxyToken Vulnerability Allows Stealing Mail Through Microsoft Exchange

A dangerous vulnerability called ProxyToken has been discovered in Microsoft Exchange. An attacker can exploit this problem by making requests to the Exchange Control Panel (ECP) web services and stealing messages from the victim’s mailbox. Initially, the problem was discovered by a VNPT ISC specialist, who reported it to Trend Micro Zero-Day Initiative (ZDI) experts…

Over 2000 Exchange Servers Hacked Using ProxyShell Exploit

Researchers at Huntress Labs estimate that over the past few days, about 2,000 Microsoft Exchange mail servers have been compromised and infected with backdoors, because their owners have not installed patches to fix ProxyShell vulnerabilities. Let me remind you that the vulnerabilities, which were collectively called ProxyShell, were discussed at the Black Hat conference in…

Hackers exploit ProxyShell vulnerabilities to install backdoors

Experts warn that hackers are attacking Microsoft Exchange servers, exploiting ProxyShell vulnerabilities, and installing backdoors on them for subsequent access. Let me remind you that the vulnerabilities, which are collectively called ProxyShell, were recently discussed at the Black Hat conference. ProxyShell combines three vulnerabilities that allow remote code execution without authentication on Microsoft Exchange servers.…

Vulnerability in Windows 10 could allow gaining administrator privileges

Last weekend, the well-known cybersecurity researcher Jonas Lykkegaard reported a rather serious vulnerability in Windows 10. All versions of Windows 10 released in the last 2.5 years (as well as Windows 11) are vulnerable to an issue dubbed SeriousSAM and HiveNightmare. Thanks to this bug, an attacker can elevate his privileges and gain access to…

Researchers trick Windows Hello with infrared image

CyberArk researchers tricked the Windows Hello biometric authentication system that is included in all versions of Windows 10 using an infrared image of the device owner. Researcher Omer Tsarfati says the root of the problem lies in the way Windows Hello handles data from USB-connected webcams. While Windows Hello only works with webcams that have…

New Issues Found with Windows Print Spooler

Last month, cybersecurity experts inadvertently unveiled a PoC exploit for a dangerous problem related to the Windows Print Spooler service, which is a universal interface between the OS, applications and local or network printers, allowing application developers to submit print jobs. As a result, an emergency patch was released for the vulnerability, which was criticized by…